Re: FBR: add lists.pagure.io to our mailing-lists
On Mon, Sep 24, 2018 at 8:05 PM Pierre-Yves Chibon wrote: > On Mon, Sep 24, 2018 at 02:46:00PM +0200, Brian (bex) Exelbierd wrote: > >On Fri, Sep 21, 2018 at 4:40 PM Aurelien Bompard < > aurel...@bompard.org> > >wrote: > > > > Hey folks! > > > > Pingou would like to announce the availability of mailing-lists on > > lists.pagure.io with the 5.0 release. The following patch should > add > > the new domain to our mailing list server. > > Affected services are the mailman server and the proxies. > > > >Where was lists.pagure.io announced? I'd like more details on what > it > >actually does. > > It wasn't announced since it doesn't exist yet :) > > It is basically another domain attached to our existing mailman3 > deployment so > projects hosted on pagure.io can ask for mailing lists. > The first two I'll ask for being pagure-devel and pagure-announce :) Ahh. If needed/helpful I suspect OSAS could host it as well :). Regards, bex > > > Pierre > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to > infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > -- Brian (bex) Exelbierd | bexel...@redhat.com | b...@pobox.com Fedora Community Action & Impact Coordinator @bexelbie | http://www.winglemeyer.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: add lists.pagure.io to our mailing-lists
On Mon, Sep 24, 2018 at 02:46:00PM +0200, Brian (bex) Exelbierd wrote: >On Fri, Sep 21, 2018 at 4:40 PM Aurelien Bompard >wrote: > > Hey folks! > > Pingou would like to announce the availability of mailing-lists on > lists.pagure.io with the 5.0 release. The following patch should add > the new domain to our mailing list server. > Affected services are the mailman server and the proxies. > >Where was lists.pagure.io announced? I'd like more details on what it >actually does. It wasn't announced since it doesn't exist yet :) It is basically another domain attached to our existing mailman3 deployment so projects hosted on pagure.io can ask for mailing lists. The first two I'll ask for being pagure-devel and pagure-announce :) Pierre ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
[Fedocal] Reminder meeting : Infra Office Hours
Dear all, You are kindly invited to the meeting: Infra Office Hours on 2018-09-25 from 18:00:00 to 19:00:00 UTC At fedora-ad...@irc.freenode.net The meeting will be about: Weekly hour dedicated to answer questions or help people with fixing tickets or implementing features. Source: https://apps.fedoraproject.org/calendar/meeting/9255/ ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: a few more changes for lists.pagure.io
+1 Please do On Sun, 23 Sep 2018 at 02:11, Pierre-Yves Chibon wrote: > > On Sat, Sep 22, 2018 at 01:03:29PM -0700, Kevin Fenzi wrote: > > I had to make a few more changes to get lists.pagure.io working. > > > > I haven't pushed these to all the proxies yet, will wait until I get > > +1's or revert. > > > > commit 2359610fd4298fd9e54fbb49bdf809ff387639e5 > > Author: Kevin Fenzi > > Date: Sat Sep 22 20:01:06 2018 + > > > > add lists.pagure.io to varnish config > > > > diff --git a/roles/varnish/templates/proxies.vcl.j2 > > b/roles/varnish/templates/proxies.vcl.j2 > > index 121fbec..5150c36 100644 > > --- a/roles/varnish/templates/proxies.vcl.j2 > > +++ b/roles/varnish/templates/proxies.vcl.j2 > > @@ -282,7 +282,7 @@ sub vcl_recv { > > } > > } > > } > > -if (req.http.X-Forwarded-Server ~ "^lists.fedoraproject.org" || > > req.http.X-Forwarded-Server ~ "^lists.stg.fedoraproject.org" || > > req.http.X-Forwarded-Server ~ "^lists.fedorahosted.org" || > > req.http.X-Forwarded-Server ~ "^lists.stg.fedorahosted.org" ) { > > +if (req.http.X-Forwarded-Server ~ "^lists.fedoraproject.org" || > > req.http.X-Forwarded-Server ~ "^lists.stg.fedoraproject.org" || > > req.http.X-Forwarded-Server ~ "^lists.fedorahosted.org" || > > req.http.X-Forwarded-Server ~ "^lists.stg.fedorahosted.org" || > > req.http.X-Forwarded-Server ~ "^lists.pagure.io" ) { > > set req.backend_hint = mailman; > > } > > if (req.http.X-Forwarded-Server ~ "^apps.fedoraproject.org" || > > req.http.X-Forwarded-Server ~ "^apps.stg.fedoraproject.org") { > > > > and > > > > commit 3363db41b29f017d1365a91feec102d0b2a5ce7f > > Author: Kevin Fenzi > > Date: Sat Sep 22 19:36:58 2018 + > > > > need certbot here and it will use the right names > > > > diff --git a/playbooks/include/proxies-websites.yml > > b/playbooks/include/proxies-websites.yml > > index 65597cd..d76c963 100644 > > --- a/playbooks/include/proxies-websites.yml > > +++ b/playbooks/include/proxies-websites.yml > > @@ -904,8 +904,9 @@ > >- role: httpd/website > > site_name: lists.pagure.io > > sslonly: true > > -cert_name: lists.pagure.io.cert > > -SSLCertificateChainFile: lists.pagure.io.intermediate.cert > > +certbot: true > > +tags: > > +- lists.pagure.io > > > > # fedorahosted is retired. We have the site here so we can redirect it. > > > > > > +1 for me, thanks :) > > > Pierre > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org -- Stephen J Smoogen. ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
suggested patch for review - issue 7158 - corrections
Happy Monday all. Here's an updated set of patches for issue 7158, with some of Kevin's comments on my previous attempt for context; On 9/18/18 5:44 PM, Kevin Fenzi wrote: > > Confusingly, we have a 'certbot' rule, but thats old and we should nuke > it. The new one is the 'letencrypt' role. It handles requesting a cert > from letsencrypt for the site it's called with and putting certs on any > other machines. > > So, keep the planet role as it is. > > Instead add to the playbooks/groups/people.yml the letencrypt role with > the site_name as fedoraplanet.org. Take a look at the taskotron.yml > playbook, I added this setup for taskotron-dev eariler today. > New people.yml patch adding certgetter role - tried to follow the taskotron-dev example; diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index e7661b4b4..77b34cb23 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -69,6 +69,7 @@ - cgit/make_pkgs_list - clamav - planet + - { role: letsencrypt, site_name: 'fedoraplanet.org' } - fedmsg/base - git/server >> ^/\.well-known/(.*)/srv/web/acme-challenge/.well-known/$1 [L] >> + RewriteRule "^/?(.*)" "https://certgetter01/$1; [L,R=301,NE] > > Change 'certgetter01' here to 'fedoraproject.org'. That will hit our > proxies and get proxied into certgetter. >> > > kevin > New planet.conf patch with above change; diff --git a/roles/planet/templates/planet.conf b/roles/planet/templates/planet.conf index 319923d2a..0875e7aa4 100644 --- a/roles/planet/templates/planet.conf +++ b/roles/planet/templates/planet.conf @@ -14,6 +14,11 @@ ErrorLog logs/planet-error.log CustomLog logs/fedoraplanet.org-access.log common + + # let certbot get an answer from certgetter01 + RewriteEngine on + RewriteRule ^/\.well-known/(.*)/srv/web/acme-challenge/.well-known/$1 [L] + RewriteRule "^/?(.*)" "https://fedoraproject.org/$1; [L,R=301,NE] UserDir disable AddCharset UTF-8 .xml @@ -79,3 +84,32 @@ RedirectMatch permanent /(.*) http://fedoraplanet.org/$1 + + ## + # Domain: fedoraplanet.org + # Owner: ad...@fedoraplanet.org + # + ServerName fedoraplanet.org + + SSLEngine on + SSLCertificateFile /etc/letsencrypt/live/fedoraplanet.org/cert.pem + SSLCertificateKeyFile /etc/letsencrypt/live/fedoraplanet.org/privkey.pem + SSLCertificateChainFile /etc/letsencrypt/live/fedoraplanet.org/fullchain.pem + SSLHonorCipherOrder On + SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL + SSLProtocol ALL -SSLv2 + + ServerAdmin ad...@fedoraplanet.org + ServerName fedoraplanet.org + + DocumentRoot "/srv/planet/site/" + + ErrorLog logs/planet-error.log + CustomLog logs/planet.fedoraproject.org-access.log common + + UserDir disable + AddCharset UTF-8 .xml + + RedirectMatch permanent /(.*) http://fedoraplanet.org/$1 + + Thanks! Zach diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml index e7661b4b4..77b34cb23 100644 --- a/playbooks/groups/people.yml +++ b/playbooks/groups/people.yml @@ -69,6 +69,7 @@ - cgit/make_pkgs_list - clamav - planet + - { role: letsencrypt, site_name: 'fedoraplanet.org' } - fedmsg/base - git/server diff --git a/roles/planet/templates/planet.conf b/roles/planet/templates/planet.conf index 319923d2a..0875e7aa4 100644 --- a/roles/planet/templates/planet.conf +++ b/roles/planet/templates/planet.conf @@ -14,6 +14,11 @@ ErrorLog logs/planet-error.log CustomLog logs/fedoraplanet.org-access.log common + +# let certbot get an answer from certgetter01 +RewriteEngine on +RewriteRule ^/\.well-known/(.*)/srv/web/acme-challenge/.well-known/$1 [L] +RewriteRule "^/?(.*)" "https://fedoraproject.org/$1; [L,R=301,NE] UserDir disable AddCharset UTF-8 .xml @@ -79,3 +84,32 @@ RedirectMatch permanent /(.*) http://fedoraplanet.org/$1 + +## +# Domain: fedoraplanet.org +# Owner: ad...@fedoraplanet.org +# +ServerName fedoraplanet.org + +SSLEngine on +SSLCertificateFile /etc/letsencrypt/live/fedoraplanet.org/cert.pem +SSLCertificateKeyFile /etc/letsencrypt/live/fedoraplanet.org/privkey.pem +SSLCertificateChainFile /etc/letsencrypt/live/fedoraplanet.org/fullchain.pem +SSLHonorCipherOrder On +SSLCipherSuite RC4-SHA:AES128-SHA:ALL:!ADH:!EXP:!LOW:!MD5:!SSLV2:!NULL +SSLProtocol ALL -SSLv2 + +ServerAdmin ad...@fedoraplanet.org +ServerName fedoraplanet.org + +DocumentRoot "/srv/planet/site/" + +ErrorLog logs/planet-error.log +CustomLog logs/planet.fedoraproject.org-access.log common + +UserDir disable +AddCharset UTF-8 .xml + +RedirectMatch permanent /(.*) http://fedoraplanet.org/$1 + + signature.asc Description: OpenPGP digital signature ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines:
Re: Moving forward with Fedora's PDC
On Mon, Sep 24, 2018 at 2:43 PM Clement Verna wrote: > > > > On Mon, 24 Sep 2018 at 11:30, Michal Novotny wrote: >> >> Hello, >> >> could we use this? >> >> https://github.com/PostgREST/postgrest > > > While I don't have a strong preference for one or the other, the main reason > we decided to use DRF is to be able to reuse some of code from PDC > (https://github.com/product-definition-center/product-definition-center). We > are currently working on the releases endpoint > (https://github.com/fedora-infra/fpdc) and to be fair we did not reuse to > much code so far, but I expect that it will be the case when working on > components and composes endpoint. I guess it mainly depends on the people doing the work (that means you and the rest of the pack). clime > > >> >> we could trim down PDC to just db + REST API (+ git backend syncing >> through hooks?) >> >> It's written in Haskell (!!) and it looks really like a useful piece >> of technology. >> >> We could drop Django completely and have git for any write changes, which >> means we will automatically get: >> >> - version control >> - acls >> - public interface >> >> for free without any future maintenance. >> >> Only the writeable/interesting parts of PDC would be in DistGit. >> >> I don't know what will be stored in PDC at this point but I think >> just db + REST + git would be a suitable stack for a high-level >> release-engineering-like settings. >> >> clime >> >> P.S. I would personally be happy to help with this setup. >> >> On Wed, Sep 12, 2018 at 8:57 PM Randy Barlow >> wrote: >> > >> > On 09/12/2018 04:01 AM, Clement Verna wrote: >> > > [0] https://github.com/dhatim/python-license-check >> > >> > This looks useful, thanks for sharing! >> > >> > ___ >> > infrastructure mailing list -- infrastructure@lists.fedoraproject.org >> > To unsubscribe send an email to >> > infrastructure-le...@lists.fedoraproject.org >> > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> > List Archives: >> > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org >> ___ >> infrastructure mailing list -- infrastructure@lists.fedoraproject.org >> To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org >> Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org
Re: FBR: add lists.pagure.io to our mailing-lists
On Fri, Sep 21, 2018 at 4:40 PM Aurelien Bompard wrote: > Hey folks! > > Pingou would like to announce the availability of mailing-lists on > lists.pagure.io with the 5.0 release. The following patch should add > the new domain to our mailing list server. > Affected services are the mailman server and the proxies. > Where was lists.pagure.io announced? I'd like more details on what it actually does. Thanks, bex > > Can I get a couple +1s? > > A. > > > commit 46c844f7ad9dfbd824c49fcbd95be3575345d2df > Author: Aurélien Bompard > Date: Thu Sep 20 08:28:47 2018 + > > Add lists.pagure.org to Mailman > > Signed-off-by: Aurélien Bompard > > diff --git a/playbooks/include/proxies-reverseproxy.yml > b/playbooks/include/proxies-reverseproxy.yml > index 8d35a5f..8461162 100644 > --- a/playbooks/include/proxies-reverseproxy.yml > +++ b/playbooks/include/proxies-reverseproxy.yml > @@ -71,6 +71,15 @@ > keephost: true > proxyurl: "{{ varnish_url }}" > > + - role: httpd/reverseproxy > +website: lists.pagure.io > +destname: mailman3 > +localpath: / > +remotepath: / > +header_scheme: true > +keephost: true > +proxyurl: "{{ varnish_url }}" > + ># The place for the raw originals >- role: httpd/reverseproxy > website: meetbot-raw.fedoraproject.org > diff --git a/playbooks/include/proxies-websites.yml > b/playbooks/include/proxies-websites.yml > index 9c0e173..65597cd 100644 > --- a/playbooks/include/proxies-websites.yml > +++ b/playbooks/include/proxies-websites.yml > @@ -901,6 +901,12 @@ > - release-monitoring.org > when: env == "staging" > > + - role: httpd/website > +site_name: lists.pagure.io > +sslonly: true > +cert_name: lists.pagure.io.cert > +SSLCertificateChainFile: lists.pagure.io.intermediate.cert > + > # fedorahosted is retired. We have the site here so we can redirect it. > >- role: httpd/website > diff --git a/roles/base/files/postfix/main.cf/main.cf.smtp-mm > b/roles/base/files/postfix/main.cf/main.cf.smtp-mm > index 65e3cf7..3130cd0 100644 > --- a/roles/base/files/postfix/main.cf/main.cf.smtp-mm > +++ b/roles/base/files/postfix/main.cf/main.cf.smtp-mm > @@ -305,7 +305,7 @@ unknown_local_recipient_reject_code = 550 > # > #relay_domains = $mydestination > > -relay_domains = $mydestination lists.fedoraproject.org > lists.fedorahosted.org fedorahosted.org > +relay_domains = $mydestination lists.fedoraproject.org > lists.fedorahosted.org fedorahosted.org lists.pagure.io > > # INTERNET OR INTRANET > > diff --git a/roles/base/files/postfix/transports.mm-smtp > b/roles/base/files/postfix/transports.mm-smtp > index 582d455..ace4660 100644 > --- a/roles/base/files/postfix/transports.mm-smtp > +++ b/roles/base/files/postfix/transports.mm-smtp > @@ -2,4 +2,5 @@ lists.fedoraproject.org smtp:[ > mailman01.vpn.fedoraproject.org] > lists.fedorahosted.org smtp:[mailman01.vpn.fedoraproject.org] > redhat.com smtp:[mailman01.vpn.fedoraproject.org] > lists2.fedoraproject.org smtp:[mailman01.vpn.fedoraproject.org] > +lists.pagure.io smtp:[mailman01.vpn.fedoraproject.org] > fedorahosted.org smtp:[bastion.vpn.fedoraproject.org] > diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml > index 41e3ff6..a665bc1 100644 > --- a/roles/mailman/tasks/main.yml > +++ b/roles/mailman/tasks/main.yml > @@ -519,6 +519,14 @@ >- restart memcached > > > +# SSL > +- name: Letsencrypt for lists.pagure.org > + include_role: name=letsencrypt > + vars: > +site_name: lists.pagure.io > + when: env == 'production' > + > + > # Start services > - name: start services >service: state=started enabled=yes name={{ item }} > ___ > infrastructure mailing list -- infrastructure@lists.fedoraproject.org > To unsubscribe send an email to > infrastructure-le...@lists.fedoraproject.org > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org > -- Brian (bex) Exelbierd | bexel...@redhat.com | b...@pobox.com Fedora Community Action & Impact Coordinator @bexelbie | http://www.winglemeyer.org ___ infrastructure mailing list -- infrastructure@lists.fedoraproject.org To unsubscribe send an email to infrastructure-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@lists.fedoraproject.org